Storage system and method for performing and authenticating write-protection thereof
Abstract
In one embodiment, the method includes receiving, at a storage device, a request. The request includes a request message authentication code and write protect information. The write protect information includes at least one of start address information and length information. The start address information indicates a logical block address at which a memory area in a non-volatile memory of the storage device starts, and the length information indicates a length of the memory area. The method also includes generating, at the storage device, a message authentication code based on (1) at least one of the start address information and the length information, and (2) a key stored at the storage device; authenticating, at the storage device, the request based on the generated message authentication code and the request message authentication code; and processing, at the storage device, the request based on a result of the authenticating.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. A storage device, comprising:
a memory unit corresponding to non-volatile memory; and
a controller unit configured to communicate with a host device wherein, while in communication with the host device, the storage device is further configured to:
receive, from the host device, a request, the request including a request message authentication code and write protection information including at least one of start address information, length information, writable information indicating whether to apply write protection to a memory area, and a selection value selected from among at least first to third write-protection values of a field indicating a type of write-protection to apply to the memory area in response to a power-off, a hardware reset, a power-on, or the request, wherein:
the first write-protection value indicates that the writable information is changed to a first value after a powering on of the storage device, the first value indicating that the memory area is writable,
the second write-protection value indicates that the writable information is changed to a second value after a powering off or a hardware reset of the storage device, the second value indicating that the memory area is protected against writing, and
the third write-protection value indicates that the writable information is changed by the request,
the start address information indicates a logical block address at which the memory area in a non-volatile memory of the storage device starts, and
the length information indicates a length of the memory area;
generate a message authentication code based on at least one of the start address information and the length information, and a key stored at the storage device;
authenticate the request based on the generated message authentication code and the request message authentication code; and
process the request based on a result of the authentication.
2. The storage device of claim 1 , wherein the memory area corresponds to a partition in the memory unit.
3. The storage device of claim 1 , wherein the storage device further comprises a second memory unit different from the memory unit, wherein the second memory unit is configured to store the request message authentication code and the write protection information included in the request.
4. The storage device of claim 1 , wherein:
the write protection information includes both the start address information and the length information; and
the generated message authentication code is based on the start address information, the length information, and the key.
5. The storage device of claim 4 , wherein:
the write protection information includes the start address information, the length information and a partition identifier, the partition identifier identifying a partition in the memory unit, the partition including the memory area; and
the generated message authentication code is further based on the partition identifier.
6. The storage device of claim 4 , wherein:
the write protection information includes the start address information, the length information, a partition identifier identifying a partition in the memory unit, the partition including the memory area, and the writable information indicating whether to apply the write protection to the memory area; and
the generated message authentication code is further based on the partition identifier and the writable information.
7. The storage device of claim 6 , wherein:
the write protection information includes the start address information, the length information, the partition identifier, the writable information, and field indicating a kind of the write-protection to apply to the memory area; and
the generated message authentication code is further based on the partition identifier, the writable information, and the field.
8. The storage device of claim 1 , wherein the generated message authentication code corresponds to a hash-based message authentication code.
9. The storage device of claim 1 , wherein the controller unit is further configured to:
authenticate the request if the generated message authentication code matches the request message authentication code and process the request if the request is authenticated; and
forgo authenticating the request if the generated message authentication code does not match the request message authentication code.
10. The storage device of claim 1 , wherein the request includes instructions for the storage device to update the write protection information with information included in the request.
11. The storage device of claim 10 , wherein the storage device is further configured to, while processing the request:
increment an update counter; and
send a response message to the host device, the response message including a count value of the update counter.
12. The storage device of claim 1 , wherein the storage device is further configured to:
send a response message to the host device in response to receiving the request if the request is processed.
13. The storage device of claim 1 , wherein the storage device is further configured to:
store, at the storage device, the selection value of the write protection information while processing the request.
14. The storage device of claim 13 , wherein the storage device is further configured to:
receive a write command to write data to the memory unit; and
determine whether to process the write command based on the selection value stored after receiving the request.
15. The storage device of claim 1 , wherein the request is a WP Descriptor Update Request about a write-protect descriptor including the write protection information.
16. The storage device of claim 15 , wherein the storage device is further configured to:
receive a WP Descriptor Read Request from the host device before receiving the request;
transmit a WP Descriptor Read Response to the host device in response to the WP Descriptor Read Request before receiving the request.
17. The storage device of claim 1 , wherein the storage device is a memory card.
18. The storage device of claim 1 , wherein the storage device is embedded in the host device.
19. The storage device of claim 1 , wherein the storage device is an external device that is connectable to the host device to communicate with the host device.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.